Æí¸®ÇÑ È£½ºÆà ¹Ì¼ÒIDC

   
 
 
 

      1Â÷ ³×ÀÓ¼­¹ö :
      ns1.misoidc.com
      101.79.73.101

      2Â÷ ³×ÀÓ¼­¹ö :
      ns2.misoidc.com
      101.79.73.105

      ¾îÁ¦ : 246 ,¿À´Ã : 62
      Àüü : 1,213,455


     

 

 
ÀÛ¼ºÀÏ : 12-05-21 18:19
rsyslog + LogAnalyzer
 ±Û¾´ÀÌ : ½ÑÀ¥È£½ºÆÃ
Á¶È¸ : 61,925  
   http://blog.redbranch.net/2011/03/04/rsyslog-and-log-analyzer/ [15662]

These are the steps I took to create a centralised location of system logs. In this scenario multiple servers (earth, venus, mars) send their system logs to a central server (sun 192.168.1.1). I¡¯m not going to cover the configuration of Apache, MySql except were it applies to Log Analyzer. Most of the servers are running Red Hat / CentOS 5. In this setup I am using 192.168.0.0 as the subnet and topsecret as the password. Change as appropriate. More info here.

Central Server (sun):

On the central server (sun) which will be running Log Analyzer, these steps only need to be taken once. If you only want to add more servers sending their syslogs to sun skip this section:

yum install httpd php mysql php-mysql mysql-server wget rsyslog rsyslog-mysql

Create the rsyslog database structure in MySQL:

mysql -u root -p < /usr/share/doc/rsyslog-mysql-3.22.1/createDB.sql

Create the MySQL user:

mysql -u root -p mysql
mysql> GRANT ALL ON Syslog.* TO rsyslog@localhost IDENTIFIED BY ¡®topsecret¡¯;
mysql> flush privileges;
mysql> exit

Edit the rsyslog config file:

vi /etc/rsyslog.conf

Add the following at the top:

$AllowedSender UDP, 127.0.0.1, 192.168.0.0/16
$AllowedSender TCP, 127.0.0.1, 192.168.0.0/16

#UDP log
$ModLoad imudp
$UDPServerRun 514
#TCP log
$ModLoad imtcp
$InputTCPServerRun 514

$ModLoad ommysql
*.info :o mmysql:127.0.0.1,Syslog,rsyslog,topsecret

Amend the rsyslog startup options:

vi /etc/sysconfig/rsyslog

<IFRAME style="POSITION: absolute; TOP: 0px; LEFT: 0px" id=aswift_0 height=60 marginHeight=0 frameBorder=0 width=468 allowTransparency name=aswift_0 marginWidth=0 scrolling=no></IFRAME>

Set the options as follows:

SYSLOGD_OPTIonS=¡±-r -t154 -m 0¡È

Now disable the standard syslog and enable rsyslog:

chkconfig syslog off
service syslog stop
chkconfig rsyslog on
service rsyslog start

Install Log Analyzer:

cd /tmp
wget http://download.adiscon.com/loganalyzer/loganalyzer-3.0.7.tar.gz
tar xzf loganalyzer-3.0.7.tar.gz
mv loganalyzer-3.0.7/src /var/www/html/loganalyzer
mv loganalyzer-3.0.7/contrib/* /var/www/html/loganalyzer
cd /var/www/html/loganalyzer
chmod u+x configure.sh secure.sh
./configure.sh

Now browse the website e.g. http://sun/loganalyzer
Follow the installer adding your MySQL credentials when requested.

Amend the firewall on the central (sun) server to allow other servers:

vi /etc/sysconfig/iptables

Add:

-A RH-Firewall-1-INPUT -p udp -m udp –dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp –dport 514 -j ACCEPT

Restart iptables:

service iptables restart

Remote Servers
Configure Other Servers (mars, venus, earth) to send their syslogs to the central server (sun):
Install rsyslog:

yum install rsyslog

Edit the config:

vi /etc/rsyslog.conf

Add:

*.info @192.168.1.1:514

I add this on line number 2 below $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
Set rsyslog as the default syslogger:

/sbin/chkconfig syslog off
/sbin/chkconfig rsyslog on
service syslog stop
service rsyslog start

Using *.info could collect a lot of messages so customise as necessary, for example changing to *.crit will collect less messages of higher importance.



 
 

Total 78
¹øÈ£ Á¦   ¸ñ ±Û¾´ÀÌ ³¯Â¥ Á¶È¸
63 centos¿¡ oracle 11gR2 ¼³Ä¡ ½ÑÀ¥È£½ºÆà 09-21 83606
62 Alteon L4½ºÀ§Ä¡ configuration ÃʱâÈ­ ¹× Dump ÀýÂ÷ ½ÑÀ¥È£½ºÆà 11-28 74138
61 ÅèĹ ¾ÆÆÄÄ¡ ¿¬µ¿½Ã °£´ÜÇÑ ¼³Á¤ ½ÑÀ¥È£½ºÆà 06-28 73946
60 PHP Session °øÀ¯ (memcached ÀÌ¿ë) ½ÑÀ¥È£½ºÆà 11-01 66018
59 backuppc ¼Ò½º¼³Ä¡ Çϱâ (1) ½ÑÀ¥È£½ºÆà 06-11 65574
58 [CREATE DATABASE] ¿À¶óŬ DB ¼öµ¿»ý¼º ( CREATE DATABASE ÀÌ¿ë) ½ÑÀ¥È£½ºÆà 07-07 64135
57 rsyslog + LogAnalyzer ½ÑÀ¥È£½ºÆà 05-21 61926
56 wowza live ½ºÆ®¸®¹Ö ½ÑÀ¥È£½ºÆà 10-11 61672
55 À©µµ¿ì¿¡¼­ ¿À¶óŬ InstantClient ¼³Ä¡ ÈÄ Toad ¿¬°á¹ý ½ÑÀ¥È£½ºÆà 07-07 58255
54 HP ProLiant ¼­¹ö¿¡ RAID 1À¸·Î Ubuntu 10.4 LTS , HP Sotware ¡¦ ½ÑÀ¥È£½ºÆà 02-22 55916
53 CentOS 4.x ¹öÁ¯¿¡ php5, mysql5 ¸¦ yum À¸·Î ¼³Ä¡ °¡´ÉÇÏ°ÔÇϱ⠽ÑÀ¥È£½ºÆà 06-29 53307
52 Wowza ¼³Ä¡ ¹× Æ©´× ½ÑÀ¥È£½ºÆà 10-11 52897
51 The 5 minute DBA: Default My.cnf File ½ÑÀ¥È£½ºÆà 03-06 52767
50 ¸®´ª½º¿ë ¹é½Å - f-prot ¼³Ä¡ ¹× »ç¿ë¹ý ½ÑÀ¥È£½ºÆà 05-24 51428
49 ¾ÆÆÄÄ¡1 ÅèĹ5 ½ÑÀ¥È£½ºÆà 11-16 50587
 1  2  3  4  5  6